Armin Mueller wrote: > First i want to say that i am new in this group and that i am not very > versed in security questions. > And, my english not very good, sorry.
Mein Deutsch ist sicher schlimmer ;-) > [...]. These applications > should be run locally and on internet. To have a better overview all > files are sorted in different subdirectories the index.html is on top. > This works since several years on all browsers (Firefox, Opera, IE, > safari 3). Now with the new FF 3 Beta 2 our application brings security > errors. We have the information that this is because of > https://bugzilla.mozilla.org/show_bug.cgi?id=230606. > Now my question. Why does our applications run with all browsers but not > with FF 3. Have other browsers a lower security level? In a sense, they have a lower security level. IE uses the notion of "security zones" and "mark of the web" on downloaded files which is not seen as an effective concept by the Mozilla team. If Opera and Safari 3 do nothing, they are letting js files running from your hard drive do anything with the data that's on your hard drive. > Is there a > possibility to organize the files without running in errors with FF3. > Why are subdirectories not allowed? My install seems to use the value security.fileuri.origin_policy=3 by default which allows subdirectories, in an asymetric manner. Javascript can access files in the subdirectories, but files in the subdirectories can not access files in a higher directory. Can you make available an exemple that allows to see what your problem is exactly ? I tried to download locally your "schlatterbach" example, but it doesn't work properly from local disk, even with Fx 2, I get a "Browser does not support MapViewSVG functionnality" error. Fx3 doesn't even show me the content of the map, and Fx2 does, but changing the value of security.fileuri.origin_policy doesn't enhance that. _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security